Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
On 2018-01-23 23:28, Chris Lamb wrote: > tags 735040 + pending > thanks > > Fixed in Git: > > > https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=0cbebd4ba0b2a067383616e18981eeb9de5d7df2 Changelog (and commit) message says: "Rename bar to bar". Probably caused by a global s/foo/bar/. Andreas
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
Hi Andreas, > Probably caused by a global s/foo/bar/. Hah, indeed - I did think of this, but I must have failed somehow with my clipboard-fu. :) Fixed in: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=2cf59d1b62b4df81c56a36f498544732214db96c Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
Mattia, > It's not, for tag like this people would just put the tag name in the > override file, which would work with whatever change you do to the > context. Of course; my point was that we have improved *other* tags. ie. there is "prior art" here. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
On Wed, Jan 24, 2018 at 04:19:40AM +0530, Chris Lamb wrote: > We've done it before, including adding additional context data to overrides > (which is /almost/ the same as renaming it!). It's not, for tag like this people would just put the tag name in the override file, which would work with whatever change you do to the context. > At some point one just has to rename it to avoid future blah. Note that it > is a pedantic tag which changes the calculation a little for me. Right, but this is one of those "noisy" tags that most of the time the maintainer can do nothing about it, I believe I also overrode it in some of my packages. Please apply the following: diff --git a/data/override/renamed-tags b/data/override/renamed-tags index 8ee57ef2d..8d3460958 100644 --- a/data/override/renamed-tags +++ b/data/override/renamed-tags @@ -1,6 +1,7 @@ # list of renamed tag old name => new name. Please alpha sort by old name dep5-file-paragraph-reference-header-paragraph => dep5-file-paragraph-references-header-paragraph debian-changelog-has-wrong-weekday => debian-changelog-has-wrong-day-of-week +debian-watch-may-check-gpg-signature => debian-watch-does-not-check-gpg-signature package-install-apt-preferences => package-installs-apt-preferences package-install-apt-sources => package-installs-apt-sources package-install-ieee-data => package-installs-ieee-data (and if in the future you rename tags with many overrides in the archive, please add them here). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
Mattia, > Please apply the following: Done! Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
Hi Mattia, > There are 300something packages overriding this tag. Renaming the tag > would cause all those overrides to be for naught, so please don't do it. We've done it before, including adding additional context data to overrides (which is /almost/ the same as renaming it!). At some point one just has to rename it to avoid future blah. Note that it is a pedantic tag which changes the calculation a little for me. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
On Wed, Jan 24, 2018 at 03:58:40AM +0530, Chris Lamb wrote: > tags 735040 + pending > thanks > > Fixed in Git: > > > https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=0cbebd4ba0b2a067383616e18981eeb9de5d7df2 There are 300something packages overriding this tag. Renaming the tag would cause all those overrides to be for naught, so please don't do it. ISTR there was a facility in lintian somewhere (was it ever merged into master?) to support for renamed tags, if it does exist, that would cover my concerns. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
tags 735040 + pending thanks Fixed in Git: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=0cbebd4ba0b2a067383616e18981eeb9de5d7df2 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
Hi, I have a naming suggestion taken from the first part of the extended description. This watch file does not include a means to verify the upstream tarball using cryptographic signature. Perhaps: debian-watch-does-not-check-for-gpg-signature By the way, the link to uscan on the lintian website goes to wheezy by default which does not include anything about gpg signatures. Should it point to sid? http://manpages.debian.net/cgi-bin/man.cgi?query=uscanapropos=0sektion=1manpath=Debian+unstable+sid Additionally, when it is a pedantic warning it is hard to convince small upstream projects to sign their releases when there is no clear advice on how to go about it. A link from the Lintian warning webpage would be handy. I would gladly start a wiki page if I knew what the best advice was. MySQL's approach: http://dev.mysql.com/doc/refman/5.7/en/checking-gpg-signature.html An example of how to download key and import/export to debian directory: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732450 Regards, Ross -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
Package: lintian Version: 2.5.21 Severity: normal Hi, is it only me? But whenever I see this tag: debian-watch-may-check-gpg-signature I'm asking me But why is checking GPG signatures such a bad idea that lintian wants me to avoid doing it? Andreas PS: this mail is intentionally not pgp signed :-) PPS: thanks to this tag I learned about an interesting new uscan feature :-) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
